cl0p
CL0P/FIN11 Go In-Memory on Oracle EBS — The Extortion Comes Later
Oracle EBS got in-memory Java loaders, not lockerware. Patch CVE-2025-61882, lock egress, hunt TemplatePreviewPG with TMP|DEF + XSL-TEXT|XML. Extortion rides in via “pubstorm.”
oracle
zero-day
Signals Weekly: Zero-Days, Hijacked Payrolls & a Crypto Kingpin
This Week's Threat Intel Pulse: Oracle EBS zero-day exploited before patches dropped, Storm-1175 abuses GoAnywhere MFT, payroll hijackers hit US universities, ransomware crews weaponize Velociraptor, and a $15B Southeast Asian scam network faces global sanctions.
forecasts
By Dec 31, 2025, will a reputable primary source (Oracle, CISA, Mandiant/MSTIC, affected org’s SEC 8-K/IR blog) confirm at least one breach where CVE-2025-61882 was the initial access vector?
Oracle EBS zero-day (CVE-2025-61882): OOB patch, KEV-listed, exec extortion emails flying. We’re at 76% that a primary source names it as initial access by 12/31. Raise or fade? 🧨🧭
oracle
Oracle Cloud Breach Allegations: Unveiling "rose87168" and Their Cloud Exploitation Tactics
The threat actor "rose87168" has emerged as a player in the cybercriminal landscape, claiming responsibility for a major breach involving Oracle Cloud. This actor allegedly exploited vulnerabilities in Oracle's federated single sign-on (SSO) and LDAP systems...